You are viewing a plain text version of this content. The canonical link for it is here.

Posted to docs@httpd.apache.org by bu...@apache.org on 2020/07/16 10:43:34 UTC

[Bug 64607] New: RewriteRule: Incorrect description for the NoEscape flag

https://bz.apache.org/bugzilla/show_bug.cgi?id=64607

            Bug ID: 64607
           Summary: RewriteRule: Incorrect description for the NoEscape
                    flag
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Documentation
          Assignee: docs@httpd.apache.org
          Reporter: bram-ncnpur@mail.wizbit.be
  Target Milestone: ---

Documentation for the NoEscape RewriteRule flag:
https://httpd.apache.org/docs/trunk/rewrite/flags.html#flag_ne 

> By default, special characters, such as & and ?, for example, will be converted to their hexcode equivalent. Using the [NE] flag prevents that from happening. 

Testing this however shows that this does *not* happen for the '&' character.

Digging into the code: as far as I can tell it either ends up in:

* modules/proxy/proy_util.c: ap_proxy_canonenc or
* server/util.c: ap_os_escape_path (which uses a list generated by
server/gen_test_char.c)

Both of these treat the '&' as an allowed character in a path.

For reference: list of characters that are treated as allowed (and are thus
never converted to their hexcode equivalent):
* alphanumeric characters
* characters: "$-_.+!*'(),:;@&=/~"

As a minimum I would drop the reference to '&' in the description since it's
incorrect.
I suppose it could be replaced with another character (such as '{') or as an
alternative list the characters that are allowed.

I.e. something like:

> By default, special characters(*) will be converted to their hexcode equivalent. Using the [NE] flag prevents that from happening. 
> (*): special characters: characters that are *not*:
> - alphanumeric characters,
> - '$',
> - '-',
> - '_',
> - ...

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org

[Bug 64607] RewriteRule: Incorrect description for the NoEscape flag

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=64607

Bram <br...@mail.wizbit.be> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 OS|Windows XP                  |All
           Hardware|PC                          |All

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org